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REMARKS 

This Amendment addresses the Office Action dated June 1, 2007. Applicants 
respectfully request favorable reconsideration of this application, as amended. 

By this Amendment, Claims 1, 2 and 6-8 have been amended to more 
particularly recite subject matter Applicants' regard as their invention and as 
discussed in detail below. Claims 6-8 have also been amended for clarity of 
expression. Claim 5 was previously cancelled without prejudice or disclaimer. 
Claims 9-17 have been added. Thus, Claims 1-4 and 6-17 are pending. 

In the Office Action, Claims 1-8 were rejected under 35 USC §103 over U.S. 
Patent No. 6,598,167 to Devine et al. ("Devme") in view of U.S. Patent No. 6,510,464 
to Grantges et al. ("Grantges"). 

Without acceding to the rejection, Claims 1, 2 and 6-8 have been amended to 
more particularly recite subject matter that Applicants' regard as their invention. In 
particular, Claim 1 recites, inter alia, that a first protocol used between the client 
machine and the server machine is a non-secure stateless protocol, and that the 
method comprises inserting the certificate unmodified into a cookie header of a 
request in the first protocol, transmitting the request, including the cookie header 
containing said certificate, from the security module to the server machine using the 
first protocol , and that the cookie header of the request includes a plurality of cookies. 
Support is provided, for example, at paragraphs [0033] and [0043] of Applicants' 
specification. 

It is apparent that the applied references do not teach or suggest the above- 
discussed combination of features recited in Claim 1 . 
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For example, the Office Action acknowledges at page 5 that the primary 
reference, Devine, does not disclose inserting a certificate into a cookie header of a 
request, as recited in Claim 1. However, it is alleged that Devine" s failure in this 
regard is cured by the teachings provided by secondary reference Grantges. 

In contrast to the claimed invention, however, Grantges teaches a gateway 
proxy server 40 that builds an "authentication cookie 90" in response to authentication 
data received from the authorization server 46 "indicative of whether the tendered 
digital certificate successfully authenticated." See Grantges, col. 10, lines 6-25; and 
FIG. 1 . It is thus apparent that Grantges does not teach or suggest inserting the 
certificate unmodified into a cookie header of a request, as recited in Claim 1 . For 
example, Grantges further teaches that his "[authentication cookie 90 may include 
information such as timestamp information indicating a time of successful 
authentication" of the certificate. Grantges, col. 10, lines 13-15. 

Therefore, it is apparent that neither Devine nor Grantges teaches or suggests 
inserting the certificate unmodified into a cookie header of a request, as recited in 
Claim 1. 

Furthermore, Claim 1 recites, inter alia, that a first protocol used between the 
client machine and the server machine is a non-secure stateless protocol, and 
transmitting the request, including the cookie header containing said certificate, from 
the security module to the server machine using the first protocol . It is apparent that 
the applied references also do not teach or suggest this feature recited in Claim 1 . 

For example, Devine teaches transmitting cookies and requests using a secure 
protocol, for example, SSL-based HTTP (i.e., "HTTPS"). See Devine, col. 20, line 54 
to col. 21, line 11; col. 8, lines 17-30; col. 11, lines 34-38; and col. 13, lines 29-61. 
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Grantges, for its part, teaches only passing certificates using a secure protocol, for 
example, SSL-based HTTP (i.e., "HTTPS"). See Grantges, col. 9, lines 4 and 46-53; 
and FIG. 3. Thus it is apparent that neither Devine nor Grantges teaches or suggests 
transmitting the request, including the cookie header containing the certificate, from 
the security module to the server machine using the first [non-securel protocol , as 
recited in Claim 1 . 

Therefore, Applicants respectfully submit that Claim 1 distinguishes 
patentably from the applied references. 

In addition, Claim 6 recites, inter alia, that a first protocol used between the 
client machine and server machine is a non-secure stateless protocol , and an analyzer 
configured to insert an unmodified certificate into a cookie header of an HTTP or 
equivalent request, and further configured to transmit to a server said unmodified 
certificate contained in said cookie header using said first protocol . 

Claim 7 recites, inter alia, the first protocol comprising a non-secure stateless 
protocol, and that the security module comprises an analyzing program configured to 
insert an unmodified certificate sent by the client machine into a cookie header of a 
request in conformance with said non-secure stateless protocol, and wherein the 
analyzing program is further configured to transmit to a server said unmodified 
certificate contained in said cookie header using said non-secure stateless protocol . 

Claim 8 recites, inter alia, that a first protocol used between the client 
machine and the server machine is a non-secure stateless protocol, inserting the 
certificate unmodified into a cookie header of a request, and transmitting the request, 
including the cookie header containing the unmodified certificate, from the security 
module to the server machine using said first protocol. 
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Therefore, Claims 6-8 are also believed to distinguish patentably from the 
applied references for at least the reasons discussed above with respect to Claim 1 . 

Further, addressing the concerns stated in the Office Action at page 4, Claims 
1, 2 and 6-8 have been amended to clarify that the recited "cookie header" refers to 
the cookie header of the request , and not to a portion of an individual cookie itself. 
Support is provided, for example, at paragraphs [0018] to [0021] of Applicants' 
specification. 

New dependent Claims 9-17 have been added to protect additional subject 
matter analogous to dependent Claims 2-4. Dependent Claims 2-4 and 9-17 are also 
believed to be patentable due at least to their dependence from Claims 1 and 6-8, as 
well as for the additional subject matter recited in the dependent Claims 2-4 and 9-17. 

Therefore, Applicants respectfully submit that Claims 1-4 and 6-17 distinguish 
patentably from the applied references. A prompt Notice of Allowance is respectfully 
requested. 

Should the Examiner believe that any further action is necessary to place this 
application in better form for allowance, the Examiner is invited to contact 
Applicants' representative at the telephone number listed below. 

The Commissioner is hereby authorized to charge to Deposit Account No. 50- 
1 165 (T2 147-907679) any fees under 37 C.F.R. §§ 1.16 and 1.17 that may be required 
by this paper and to credit any overpayment to that Account. If any extension of time 
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is required in connection with the filing of this paper and has not been separately 
requested, such extension is hereby requested. 



Miles & Stockbridge, P.C. 
1751 Pinnacle Drive 
Suite 500 

McLean, Virginia 22102-3833 

(703)610-8647 

4825-3828-1217 



Respectfully submitted, 



October 1, 2007 




Reg. No. 20,604 



Eric G. King 
Reg. No. 42,736 
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